Pub. 5 2016 Issue 9

December 2016 15 l e a d i n g a d v o c a t e f o r t h e b a n k i n g i n d u s t r y i n k a n s a s help them recognize what a phishing attempt might look like. Advise employees not to click on links or open attachments or emails from those they do not regularly do business with. Use Superior Security Technology. Even with proper training, employees may open an attachment or visit an infected site. That is why it is necessary for banks to take other standard security technology measures such as ensuring a firewall is in place. Anti-virus software should be used to detect and prevent infection, while web and email filtering software should be used to reduce exposure. It is important to apply security patch- es and regularly update all security software. Segregate Access. Managing user access to data can lessen the risk of a successful ransomware attack. The number of employ- ees with administrative access should be limited, and access should not be assigned unless absolutely necessary. Employ- ees should only have access to the files or directories that are relevant to their job functions. Networks and data should be separated for each organizational unit. In the Case of an Attack Despite a bank’s best efforts to protect against ransomware, an incident may still occur. If it does, both the FBI and the Federal Financial Institutions Examination Council (FFIEC) encourage ransomware victims to notify law enforcement immediately. Law enforcement officials, such as the FBI, can assist in determining whether or not it is in the bank’s best interest to pay the ransom. In addition, the FFIEC recommends notifying the appropriate bank regulatory authority of any ransomware incident, and possibly filing a Suspicious Activity Report. Banks may also file a notice of a ransomware incident on the FBI’s Internet Crime Complaint Center at www.ic3.gov. A Costly Crime Ransomware is a rising threat for U.S. businesses as an increasing number of cyber criminals adapt it as their newest method of extortion. According to the FBI, these criminals collected $209 million in the first quarter of 2016 – which puts ransomware on pace to be a $1 billion crime in 2016. Banks must take preventative measures to avoid falling victim to a ransomware scheme and suffering potentially irreparable losses. Craig M. Collins is President at OneBeacon Financial Services. He has 30+ years of experience in the financial institution industry. Collins can be reached at ccollins@onebeacon.com . To learn more about OneBeacon Financial Services, visit onebeaconfs.com. Joe Budzyn is VP & Senior InfoTech Product Manager at OneBeacon Technology Insurance. His 20+ years of experience include positions in network infrastructure and security. Joe can be reached at jbudzyn@one- beacon.com. To learn more about OneBeacon Technology Insurance, visit onebeacontech.com. Business can be complicated. Make it a little less taxing. WWW.MOSSADAMS.COM/FI Serving clients from 29 locations, including Kansas City: (913) 599-3236 For more than a century, we’ve helped clients reduce risk, save money, and plan for the future through industry-smart tax, assurance, and consulting solutions. With big-firm resources and partner-level attention, what will you accomplish?